DETAILED ACTION

1. Claims 1-6, 8-31, 33-47, and 49-72 have been examined. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

(a) the invention was known or used by others in this country, or patented or described in a printed publication in this 
or a foreign country, before the invention thereof by the applicant for a patent. 

3. Claims 1-6, 8-15, 17-22, 24-31, 33-37, 41-47, 49-55, and 57-72 are rejected under 35 
U.S.C. 102(a) as being clearly anticipated by Czerwinski et al. "An Architecture for a Secure 
Service Discovery Service" (hereinafter Czerwinski). 

4. As per claim 1, 27, 43, 51, and 62, Czerwinski discloses a method for communicating in 
a distributed computing environment, comprising: a client accessing an authentication service to 
obtain an authentication credential to use a first service (Czerwinski: page 26 section 3.1 and 
page 27 section 3.3 and page 28 section 3.4); determining client capabilities for said client, 
wherein said client capabilities are capabilities of said first service that said client is permitted to 
use (Czerwinski: page 28 section 3.1: the capability manager capabilities to clients so that clients
can pass the capability-based access control system of the SDS); binding said client capabilities 
to said authentication credential (Czerwinski: page 28 section 3.4: the authentication credential 
includes the capability and distributed after authentication); said client sending a first message to 
said first service, wherein said first message includes said authentication credential (Czerwinski: 
page 26 section 3.1 and page 27 section 3.3 and page 28 section 3.4); said first service using said
authentication service to authenticate said authentication credential received in said first message 
(Czerwinski: page 26 section 3.1 and page 27 section 3.3 and page 28 section 3.4); and said first 
service responding to said first message if said authentication credential in said first message is 
determined to be authentic as from said client (Czerwinski: page 26 section 3.1 and page 27 
section 3.3 and page 28 section 3.4). 

5. As per claim 2 and 28, Czerwinski discloses the method as recited in claims 1 and 27 
respectively. Czerwinski further discloses the method comprising said client obtaining an address 
for said authentication service from an advertisement for said first service (Czerwinski: page 26 
section 3.1 and page 27 section 3.3 and page 28 section 3.4), wherein said accessing an 
authentication service comprises said client sending a message to said address for said 
authentication service requesting said authentication credential to use said advertised first 
service. (Czerwinski: page 26 section 3.1 and page 27 section 3.3 and page 28 section 3.4). 

6. As per claim 3 and 44, Czerwinski discloses the method as recited in claims 2 and 43 
respectively. Czerwinski further discloses wherein said advertisement for said first service 
includes a data representation language schema defining a message interface for accessing said
first service (Czerwinski: page 27 section 3.1: a client submits a query in the form of an XML
template). 

7. As per claim 4 and 45, Czerwinski discloses the method as recited in claims 3 and 44
respectively. Czerwinski further discloses wherein said first message corresponds to a message 
defined in said data representation language schema (Czerwinski: page 27 section 3.1: a client 
submits a query in the form of an XML template). 

8. As per claims 5, 30, 46, and 54, Czerwinski discloses the method as recited in claims 4, 
29, 45, and 53 

9. respectively. Czerwinski further discloses the method comprising said client sending
additional messages to said first service to use said first service, wherein said authentication 
credential is included with each one of said additional messages, and wherein each one of said 
additional messages is defined by said data representation language schema (Czerwinski: page 
27 section 3.1: a client uses Authenticated RMI). 

10. As per claim 6, 31, 47, 55, and 65, Czerwinski discloses the method as recited in claims 
5, 29, 44, 53, and 64 respectively. Czerwinski further discloses wherein said data representation 
language schema is an eXtensible Markup Language (XML) schema (Czerwinski: page 27
section 3.1: a client uses Authenticated RMI).

11. As per claim 8, 33, and 49, Czerwinski discloses the method as recited in claims 7, 32, 
and 43 respectively. Czerwinski further discloses the method comprising: said client sending a 
request message to said first service to access a capability of said first service wherein said 
request includes said authentication credential (Czerwinski: page 26 section 3.1 and page 27 
section 3.3 and page 28 section 3.4); said first service determining that the capability requested
in said request message is within said client capabilities (Czerwinski: page 26 section 3.1 and 
page 27 section 3.3 and page 28 section 3.4); and said first service fulfilling said request message 
only if the capability requested in said request message is within said client capabilities 
(Czerwinski: page 26 section 3.1 and page 27 section 3.3 and page 28 section 3.4). 

12. As per claim 9 and 34, Czerwinski discloses the method as recited in claims 7 and 32 
respectively. Czerwinski further discloses wherein said determining client capabilities comprises 
said client accessing an access policy service to obtain a capability token indicating which 
capabilities of said first service said client is permitted to access (Czerwinski: page 28 section 
3.4). 

13. As per claim 10 and 35, Czerwinski discloses the method as recited in claims 9 and 34 
respectively. Czerwinski further discloses wherein said authentication service and said access 
policy service are combined as a single service and wherein said capability token is included 
within said authentication credential (Czerwinski: page 28 section 3.4). 

14. As per claim 11, Czerwinski discloses the method as recited in claim 7. Czerwinski
further discloses wherein said determining client capabilities is performed by said first
service (Czerwinski: page 28 section 3.4).

15. As per claim 12 and 36, Czerwinski discloses the method as recited in claims 1 and 27
respectively. Czerwinski further discloses the method comprising said client generating a 
message gate for accessing said first service (Czerwinski: page 26 section 3.1 and page 27 
section 3.3 and page 28 section 3.4), wherein said message gate sends request messages from 
said client to said first service to access said first service (Czerwinski: page 26 section 3.1 and 
page 27 section 3.3 and page 28 section 3.4), and wherein said message gate includes said 
authentication credential in each message to said first service (Czerwinski: page 26 section 3.1 
and page 27 section 3.3 and page 28 section 3.4). 

16. As per claim 13, Czerwinski discloses the method as recited in claim 12. Czerwinski 
further discloses the method comprising said client obtaining a service advertisement for said 
first service before accessing said first service (Czerwinski: page 26 section 3.1 and page 27 
section 3.3 and page 28 section 3.4), wherein said service advertisement comprises an address 
for said authentication service and an address for said first service (Czerwinski: page 26 section 
3.1 and page 27 section 3.3 and page 28 section 3.4). 

17. As per claim 14, 53, and 64, Czerwinski discloses the method as recited in claims 13, 52, 
and 63 respectively. Czerwinski further discloses wherein said service advertisement further
comprises a data representation language schema defining a message interface for accessing said 
first service (Czerwinski: page 26 section 3.1 and page 27 section 3.3 and page 28 section 3.4), 
wherein said message gate verifies that each message sent from said client to said first service 



Application/Control Number: 09/653,227 Page 7 

Art Unit: 2131 

complies with said data representation language schema (Czerwinski: page 26 section 3.1, page 
27 section 3.3, page 28 section 3.4, page 25 sections 2.2-2.3). 

18. As per claim 15, Czerwinski discloses the method as recited in claim 1. Czerwinski 
further discloses wherein said authentication service is a separately addressable service from said 
first service (Czerwinski: page 26 section 3.1, page 27 sections 3.3, page 28 section 3.4, and page 
32 section 6.1). 

19. As per claim 17, 58, and 69, Czerwinski discloses a method for communication in a 
distributed computing environment, comprising: a client obtaining a service advertisement for a 
first service (Czerwinski: page 26 section 3.1 and page 27 section 3.3 and page 28 section 3.4), 
wherein said service advertisement includes an address for an authentication service 
(Czerwinski: page 26 section 3.1 and page 27 section 3.3 and page 28 section 3.4); said client 
sending a request message to said authentication service to obtain an authentication credential to 
use said first service (Czerwinski: page 26 section 3.1 and page 27 section 3.3 and page 28 
section 3.4); said client generating a message gate for accessing said first service (Czerwinski: 
page 26 section 3.1 and page 27 section 3.3 and page 28 section 3.4), wherein said message gate 
embeds said authentication credential in every message from said client to said first service 
(Czerwinski: page 26 section 3.1 and page 27 section 3.3 and page 28 section 3.4); and said 
client accessing said first service through said message gate (Czerwinski: page 26 section 3.1 and 
page 27 section 3.3 and page 28 section 3.4). 

20. As per claim 18, 29, 37, and 59, Czerwinski discloses the method as recited in claims 17,
28, 36, and 58 respectively. Czerwinski further discloses wherein said service advertisement 
further comprises a data representation language schema defining a message interface for 
accessing said first service (Czerwinski: page 27 section 3.1: a client uses Authenticated RMI), 
the method further comprising said message gate verifying that every message sent from said 
client to said first service complies with said data representation language schema (Czerwinski: 
page 27 section 3.1: a client uses Authenticated RMI).

21. As per claim 19 and 60, Czerwinski discloses the method as recited in claims 18 and 59 
respectively. Czerwinski further discloses wherein said data representation language schema is 
an eXtensible Markup Language (XML) schema and said messages from said client to said first
service are XML messages (Czerwinski: page 27 section 3.1: submit XML query).

22. As per claim 20, Czerwinski discloses the method as recited in claim 17. Czerwinski 
further discloses the method comprising said first service using said authentication service to 
determine if said authentication credential received in a first message from said client is 
authentic (Czerwinski: page 28 section 3.4). 

23. As per claim 21 and 61, Czerwinski discloses the method as recited in claims 20 and 58 
respectively. Czerwinski further discloses the method comprising, after authenticating said 
authentication credential received in said first message from said client, said first service 
determining which capabilities of said first service said client is authorized to use (Czerwinski: 
page 28 section 3.4), wherein said first service responds to a request message from said client
only if said request message is for an authorized capability for said client (Czerwinski: page 28 
section 3.4). 



24. As per claim 24, Czerwinski discloses the method as recited in claim 17. Czerwinski
further discloses wherein said service advertisement for said first service further includes an 
address for accessing said first service, wherein said authentication service and said first service 
are separate services within the distributed computing environment (Czerwinski: page 28 section 
3.1). 

25. As per claim 25, Czerwinski discloses the method as recited in claim 17. Czerwinski 
further discloses wherein said service advertisement further includes a service identifier token for 
said first service, wherein said client sending a request message to said authentication service to 
obtain an authentication credential comprises sending said service identifier token and a client 
identifier token to said authentication service (Czerwinski: page 28 section 3.4: binding the 
principal name and the service name and signed by some well known authority). 



26. As per claim 26, Czerwinski discloses the method as recited in claim 25. Czerwinski 
further discloses wherein said authentication service generates said authentication credential 
from said client identifier token and said service identifier token (Czerwinski: page 28 section 
3.4: binding the principal name and the service name and signed by some well known authority). 

27. As per claim 41 and 57, Czerwinski discloses the client device as recited in claims 27 and
51 respectively. Czerwinski further discloses wherein said authentication service is configured to 
execute within an authentication server (Czerwinski: page 26 section 3.1 and page 27 section 3.3 
and page 28 section 3.4); wherein said first service is configured to execute within a service 
device (Czerwinski: page 26 section 3.1 and page 27 section 3.3 and page 28 section 3.4); and 
wherein said client device, said service device, and said authentication server are separate 
devices comprised in a distributed computing environment (Czerwinski: page 26 section 3.1 and 
page 27 section 3.3 and page 28 section 3.4). 

28. As per claim 42, Czerwinski discloses the client device as recited in claim 27. Czerwinski 
further discloses wherein said first service is configured to execute within said client device 
(Czerwinski: page 27 section 3.1: remote method invocation). 

29. As per claim 50, Czerwinski discloses the service device as recited in claim 43. 
Czerwinski further discloses wherein said client is configured to execute within a client device, 
and wherein said service device and said client device are separate devices comprised in a 
distributed computing environment (Czerwinski: page 36 section 3.1). 

30. As per claim 52 and 63, Czerwinski discloses the system as recited in claims 51 and 62 
respectively. Czerwinski further discloses wherein the service device is further configured to 
provide to said client device an advertisement for said service device (Czerwinski: page 26 
section 3.1 and page 25 section 2.3), wherein said advertisement includes a data representation 
language schema defining a message interface for accessing said service device (Czerwinski:
page 26 section 3.1 and page 25 section 2.3); wherein the client device is further configured to 
obtain an address for said authentication service from said advertisement for said service device 
(Czerwinski: page 26 section 3.1 and page 25 section 2.3); and wherein, in said accessing an 
authentication service, the client device is further configured to send a message to said address 
for said authentication service requesting said authentication credential to use said advertised 
service device (Czerwinski: page 26 section 3.1, page 25 section 2.3, and page 27 section 3.3). 

31. As per claim 66, Czerwinski discloses the carrier medium as recited in claim 62. 
Czerwinski further discloses wherein the program instructions are further computer-executable to 
implement: said client sending a request message to said first service to access a capability of 
said first service (Czerwinski: page 26 section 3.1 and page 27 section 3.3 and page 28 section 
3.4), wherein said request message includes said authentication credential (Czerwinski: page 26 
section 3.1 and page 27 section 3.3 and page 28 section 3.4); said first service determining that 
the capability requested in said request message is within said client capabilities (Czerwinski: 
page 26 section 3.1 and page 27 section 3.3 and page 28 section 3.4); and said first service 
fulfilling said request message only if the capability requested in said request message is within 
said client capabilities (Czerwinski: page 26 section 3.1 and page 27 section 3.3 and page 28 
section 3.4). 

32. As per claim 67, Czerwinski discloses the carrier medium as recited in claim 62. 
Czerwinski further discloses wherein the program instructions are further computer-executable to 
implement: said client generating a message gate for accessing said first service (Czerwinski:
page 26 section 3.1 and page 27 section 3.3 and page 28 section 3.4); said message gate sending
request messages from said client to said first service to access said first service, wherein said
message gate includes said authentication credential in each message to said first service 
(Czerwinski: page 26 section 3.1 and page 27 section 3.3 and page 28 section 3.4). 

33. As per claim 68, Czerwinski discloses the carrier medium as recited in claim 67. 
Czerwinski further discloses wherein the program instructions are further computer-executable to 
implement: said message gate verifying that each message sent from said client to said first 
service complies with a data representation language schema (Czerwinski: page 26 section 3.1 
and page 27 section 3.3 and page 28 section 3.4), wherein said data representation language 
schema defines a message interface for accessing said first service (Czerwinski: page 26 section 
3.1 and page 27 section 3.3 and page 28 section 3.4). 

34. As per claim 70, Czerwinski discloses the carrier medium as recited in claim 69. 
Czerwinski further discloses wherein said service advertisement further comprises a data 
representation language schema defining a message interface for accessing said first service, and
wherein the program instructions are further computer-executable to implement: said message 
gate verifying that every message sent from said client to said first service complies with said 
data representation language schema (Czerwinski: page 27 section 3.1). 

35. As per claim 71, Czerwinski discloses the carrier medium as recited in claim 70.
Czerwinski further discloses wherein said data representation language schema is an eXtensible
Markup Language (XML) schema and said messages from said client to said first service are 
XML messages (Czerwinski: page 27 section 3.1 and page 25 section 2.3). 

36. As per claim 72, Czerwinski discloses the carrier medium as recited in claim 69. 
Czerwinski further discloses wherein the program instructions are further computer-executable to 
implement: said first service using said authentication service to determine if said authentication 
credential received in a first message from said client is authentic (Czerwinski: page 26 section 
3.1 and page 27 section 3.3 and page 28 section 3.4); said first service determining which 
capabilities of said first service said client is authorized to use (Czerwinski: page 26 section 3.1 
and page 27 section 3.3 and page 28 section 3.4); and said first service responding to said first 
message from said client only if said first message is for an authorized capability for said client 
(Czerwinski: page 26 section 3.1 and page 27 section 3.3 and page 28 section 3.4). 

Claim Rejections - 35 USC § 103 

37. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

38. Claims 16, 23, 38, 39, and 56 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Czerwinski in view of Johnson et al. U.S. Pat. No. 5560008 (hereinafter Johnson). 

39. As per claim 16 and 38, Czerwinski discloses the method as recited in claims 1 and 27
respectively. Czerwinski does not explicitly disclose wherein said client accessing an
authentication service to obtain an authentication credential to use a first service comprises said 
authentication service returning said authentication credential to said client only if said client is 
authorized to access said first service. However, Johnson discloses a server creates authentication 
credential for client based on the security facts of clients and server authenticates client based on 
capabilities (Johnson: column 5 lines 30-65). It would have been obvious to one having ordinary 
skill in the art at the time of applicant's invention to combine the teachings of Johnson within the 
system of Czerwinski because establishing client's authentication credential by authentication 
server to eliminate the need for authentication repeatedly thus increases efficiency of 
communication. 

40. As per claim 22 and 23, Czerwinski discloses the method as recited in claims 21 and 20 
respectively. Czerwinski does not explicitly disclose the method further comprising said first 
service noting whether or not said authentication credential is authentic so that said first service 
does not need to repeat said using said authentication service to determine if said authentication 
credential received in a first message from said client is authentic. However, Johnson discloses 
that limitation (Johnson: column 5 lines 30-65). Same rationale applies here as above in rejecting 
claim 16. 

41. As per claim 39 and 56, Czerwinski discloses the client device as recited in claims 27 and
51 respectively. Czerwinski does not explicitly disclose wherein said authentication service and 
said first service are configured to execute within a service device, and wherein said client device 
is further configured to couple to said service device via a network. However, Johnson discloses 
these limitations (Johnson: column 5 lines 30-65). It would have been obvious to one having 
ordinary skill in the art at the time of applicant's invention to combine the teachings of Johnson 
within the system of Czerwinski because it is well known in the art for a server to provide 
authentication and service together. 

42. Claim 40 is rejected under 35 U.S.C. 103(a) as being unpatentable over Czerwinski in 
view of Applicant's Applied Prior Art (hereinafter AAPA). 

43. As per claim 40, Czerwinski discloses the client device as recited in claim 27. 
Czerwinski does not explicitly disclose wherein said client device is further configured to couple 
to a network via a wireless connection. However, AAPA discloses that limitation (AAPA: 
related prior art: interconnecting devices from pda, cell phones, laptop computer, etc.). It would 
have been obvious to one having ordinary skill in the art to combine the teachings of AAPA 
within the system of Czerwinski because it is well known in the art to use wireless network to 
connect various types of electronic devices. 




Response to Arguments 

44. Applicant's arguments filed 11/16/04 have been fully considered but they are not
persuasive. 

45. Regarding claim 1, applicant argues that Czerwinski fails to teach determining client 
capabilities for the client, and binding the client capabilities to the authentication credential. 
However, Czerwinski discloses the CM generates the capability after authentication so that the 
SDS can perform access control based on the capabilities sent by clients. Therefore, the 
capabilities received by the client from CM is actually the authentication credential and the 
applicant's argument is respectfully traversed. 

46. Regarding claim 3, applicant argues that Czerwinski does not disclose said first service 
includes a data representation language schema defining a message interface for accessing said 
first service. However, Czerwinski discloses that a client submits a query in the form of an XML 
template so that the SDS can use the form to perform service for the client (page 27 section 3.1 
paragraph 5). Therefore, the XML template is a data representation language schema to define an
interface for the service to perform tasks. 

47. Regarding claim 17, applicant argues that Czerwinski does not disclose the message gate 
embeds the authentication credential in every message. However, Czerwinski discloses that 
when the client sends a query to the SDS server, the client includes the client's capabilities
(access rights) (Czerwinski: page 27 section 3.1 paragraph 5). Therefore, applicant's argument is 
respectfully traversed. 

Conclusion

48. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Shambroom U.S. Pat. No. 6301661 discloses enhanced security for applications 
employing downloadable executable content. 

Trostle U.S. Pat. No. 6775783 discloses client security for networked applications. 

Prabandham et al. U.S. Pat. No. 6668327 discloses distributed authentication mechanisms 
for handling diverse authentication systems in an enterprise computer system. 

49. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Shin-Hon Chen whose telephone number is (571) 272-3789. The 
examiner can normally be reached on Monday through Friday 8:30am to 5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 